Allow deep merging of conflicting definitions

[dbryar]

• Changes the behaviour of the security schema to merge, instead of ignore multiple
• Adds a deepMerge flag to the dispute object to allow merging at a component level

[dbryar]

I've also updated the typescript linting and parsing to a more modern version, to remove dependency conflicts, and updated the can-i-use version

[robertmassaioli]

Thanks for this pr! I'll review it properly soon. Cursory read idle thoughts:

• mergeDeep: Might be better to re-engage it for now to be specific.
• I'm not yet grocking how this would be desirable behaviour for all merging behaviour. Need to think it through further, maybe reread it more or have you explain it further.

[dbryar]

Appreciate the quick response.

Under issues there is a call to merge instead of ignore for securityScheme, with a few thumbs. The first change was to simply alter that component to merge (instead of ignore) multiples.

The deep merge option, a new option under the dispute handler, is optional across all components, but written specifically for securityScheme. This is because in a microservice architecture where the services define their security, the IDP may issue different scopes for different services in the JWT of an OAuth based system. Thus, the provider security scheme needs to have all the scopes (as well as other elements) merged, under the same identity. They cannot be indexed with a suffix, nor separated with a prefix.

[dbryar]

Also, some of the dependencies are out of date. I have updated some dev dependencies to fix some confilicts

[dbryar]

@robertmassaioli bumping PR before I fork

[kmcweeney]

Just made the same change to the securityscheme section, would love to see this merged into the project so I don't have to fork.

[robertmassaioli]

I've been a bit delayed lately because I'm on Paternity leave. I am going to be a bit slow to respond and, if you want to fork then you are more than welcome to.

In the meantime, it seems that the entire purpose of this feature is to fix the merging behaviour for securitySchemes and you make a solid argument for that. The merging behaviour is currently broken.

Because we are really trying to solve something specific maybe we should just make this feature apply to securitySchemes only and we can rename the option to mergeSecuritySchemes and potentially even make it default to true or something like that. Is that possible and would that meet your need? Do you have any other need for the other merging behaviour?

[dbryar]

Do you have any other need for the other merging behaviour?

I also need to allow duplicate operationId as we use them to define which Lambda function to call, so that was my next change; to allow a flag that ignores the patch from Issue #7

[ghost]

is that project dead now ?